FP virtumonde

Application.Win32.Adware.Virtumonde[at]554206 reported in
H:\System Volume Information_restore{3D76CF80-5FFE-40C7-9CD6-47478592A3E9}\RP25\A0006986.dll
and also A0006988.dll

I have scanned my PC with a special Virtumonde cleaner; it found nothing.
(VundoFix.exe from atribune.org)

This is surprising I think, but you know…

Edit: Attachment removed (already downloaded by Staff). Please don’t post possible malware here; try to use the submission URL here:

Hi pan,

Thanks for reporting. We are going to check this and get back to you shortly.

Kind Regards,
Erik M.

Hi pan,

This is to inform you that the submitted file is not a false positive.
The file is detected because it’s a malware application.

Kind Regards,
Erik M.

Thanks for the info, but I don’t understand it at all. There are no other files reported, and those files are not used; it was a restore point of XP. Therefore I have no idea what to do now. Is my system safe enough, or ??

The said random file is indeed most certainly a virtumonde dll.

It might be found in several infected HijackThis reports; google for it if you want to read them.

XP Restore is implemented by the last valid system files, and even if not, might be directly infected.

More generally speaking, suppose you want to wipe from XP something you don’t want to hear of (e.g., stupid screensavers, Albanian keyboard if you don’t use this language…): you can’t, as they shall be restored either from dllcache or System Restore.

As far as I am concerned, XP Restore is of no other use than eating disk space if you have the original CD, and I disabled it.

Even if you don’t, you should delete the said file from XP Restore; if you can’t do it in real mode, do it from another partition or multiboot if any, from safe mode if not.